Vulnerabilities > Projectworlds > Online Examination System
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-15 | CVE-2024-42843 | SQL Injection vulnerability in Projectworlds Online Examination System 1.0 Projectworlds Online Examination System v1.0 is vulnerable to SQL Injection via the subject parameter in feed.php. | 9.8 |
| 2023-12-21 | CVE-2023-45120 | Unspecified vulnerability in Projectworlds Online Examination System 1.0 Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'qid' parameter of the /update.php?q=quiz&step=2 resource does not validate the characters received and they are sent unfiltered to the database. | 8.8 |
| 2023-12-21 | CVE-2023-45121 | Unspecified vulnerability in Projectworlds Online Examination System 1.0 Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'desc' parameter of the /update.php?q=addquiz resource does not validate the characters received and they are sent unfiltered to the database. | 8.8 |
| 2023-12-21 | CVE-2023-45115 | Unspecified vulnerability in Projectworlds Online Examination System 1.0 Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'ch' parameter of the /update.php?q=addqns resource does not validate the characters received and they are sent unfiltered to the database. | 8.8 |
| 2023-12-21 | CVE-2023-45116 | Unspecified vulnerability in Projectworlds Online Examination System 1.0 Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'demail' parameter of the /update.php resource does not validate the characters received and they are sent unfiltered to the database. | 8.8 |
| 2023-12-21 | CVE-2023-45117 | SQL Injection vulnerability in Projectworlds Online Examination System 1.0 Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'eid' parameter of the /update.php?q=rmquiz resource does not validate the characters received and they are sent unfiltered to the database. | 8.8 |
| 2023-12-21 | CVE-2023-45118 | Unspecified vulnerability in Projectworlds Online Examination System 1.0 Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'fdid' parameter of the /update.php resource does not validate the characters received and they are sent unfiltered to the database. | 8.8 |
| 2023-12-21 | CVE-2023-45119 | Unspecified vulnerability in Projectworlds Online Examination System 1.0 Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'n' parameter of the /update.php?q=quiz resource does not validate the characters received and they are sent unfiltered to the database. | 8.8 |
| 2022-10-14 | CVE-2022-42066 | Cross-site Scripting vulnerability in Projectworlds Online Examination System 1.0 Online Examination System version 1.0 suffers from a cross site scripting vulnerability via index.php. | 6.1 |
| 2022-01-21 | CVE-2021-46307 | SQL Injection vulnerability in Projectworlds Online Examination System 1.0 An SQL Injection vulnerability exists in Projectworlds Online Examination System 1.0 via the eid parameter in account.php. | 9.8 |